Marco.k

sending spam with port 25 closed


I was wondering:

Why do some ISPs allow inbound SMTP traffic to ports like 587?

I don't understand why an SMTP server would want to get its mail delivered on a port other than 25.

(You can't say in an MX record that you want your mail delivered at port x... so)

Normally other MTAs don't deliver mail on it, and clients should be either from their network or authenticated.

Are there many more of these ports where some mail servers accept mail to their domain?

Greetings,

Marco.


I was wondering:

Why do some ISPs allow inbound SMTP traffic to ports like 587?

I don't understand why an SMTP server would want to get its mail delivered on a port other than 25.

(You can't say in an MX record that you want your mail delivered at port x... so)

Normally other MTAs don't deliver mail on it, and clients should be either from their network or authenticated.

Are there many more of these ports where some mail servers accept mail to their domain?

1. You can run SMTP on any port (including 80, if you REALLY want to), so shutting down any single port because it could be used for email is just not very efficient.

2. Many companies/ISPs accept authenticated SMTP on an alternate address and block port 25 "on their internal network" because the majority of malware uses the default port (because that is where most people would look for an open SMTP server). If they block port 25, they need to open some way for their customers to send email.

3. The ISP's servers still accept and send their messages to the (external) internet on port 25.

4. Most mail servers CAN deliver SMTP traffic on any defined port. Many times this is used to put a virus or content scanner in the mail path. The scanner accepts email on port 25, does its thing, then transmits to the same IP on a different port. It allows smaller places to not need to devote a separate machine for these types of services.


1. I know and agree on this.

2. Why do they accept mail from outside the internal network at a port other than 25?

3. I know of one and will find more mail servers that accept mail from the internet at port 587 (I don't know why... and they ask me for a header if I ask why).

4. Is it not a good idea to let only your own MTAs deliver mail to that part of the platform?

5. I can't understand why any ISP has an SMTP server accepting mail from the internet at a port other than 25.

2. Why do they accept mail from outside the internal network at a port other than 25?

3. I know of one and will find more mail servers that accept mail from the internet at port 587 (I don't know why... and they ask me for a header if I ask why).

4. Is it not a good idea to let only your own MTAs deliver mail to that part of the platform?

5. I can't understand why any ISP has an SMTP server accepting mail from the internet at a port other than 25.

The magic word you seem to be skipping over is "authentication" .....

When an ISP/host "blocks Port 25" it is normally 'outgoing' traffic that is blocked .. such that 'your computer' cannot make an SMTP connection to an e-mail server elsewhere (default configurations of everything assumed here)

The methodology to 'allow' you to make a connection to an 'external' e-mail server is to then use a non-standard Port and require a login to actually use that connection .... that this has been around for so long, the 'non-standard' Port assignment has in fact become somewhat 'standard' .... but, as stated above, any Port can be assigned / used ....

What I haven't figured out yet is why you are asking about "how e-mail / SMTP works" here .... but chose to specify 'sending spam' in your Subject title .... in general, the sending of spam via an authenticated connection (by other than the real account holder) would be because the account information had been compromised ....


1. I know and agree on this.

2. Why do they accept mail from outside the internal network at a port other than 25?

3. I know of one and will find more mail servers that accept mail from the internet at port 587 (I don't know why... and they ask me for a header if I ask why).

4. Is it not a good idea to let only your own MTAs deliver mail to that part of the platform?

5. I can't understand why any ISP has an SMTP server accepting mail from the internet at a port other than 25.

2. For their customers/users "on the road", for instance. Many companies will do this. The connections would usually require a username/password. This overcomes port 25 blocking on their employees' personal networks, for instance.

3. They accept and send all messages without authentication? If so, you should bump up the security chain at those organizations. It is also possible these are infected PCs that have been controlled by the spammers.

4. It depends on the needs of the organization.

5. See number 2.


The magic word you seem to be skipping over is "authentication" .....

When an ISP/host "blocks Port 25" it is normally 'outgoing' traffic that is blocked .. such that 'your computer' cannot make an SMTP connection to an e-mail server elsewhere (default configurations of everything assumed here)

The methodology to 'allow' you to make a connection to an 'external' e-mail server is to then use a non-standard Port and require a login to actually use that connection .... that this has been around for so long, the 'non-standard' Port assignment has in fact become somewhat 'standard' .... but, as stated above, any Port can be assigned / used ....

What I haven't figured out yet is why you are asking about "how e-mail / SMTP works" here .... but chose to specify 'sending spam' in your Subject title .... in general, the sending of spam via an authenticated connection (by other than the real account holder) would be because the account information had been compromised ....

OK, I'll explain why I asked it.

The ISP where I work recently blocked all outgoing traffic to port 25 from our customers.

The amount of spam being sent from our network has dropped massively.

Only we are still getting some complaints.

After checking the headers, it looked like they were still being delivered directly to the complaining party.

After some checking and testing, some of the complainers were accepting mail to their domain at a port other than port 25.

So it looks like there are some spam bots that go around the block that way.

I was hoping one of you has seen this before or knows why this is (is it a bad configuration of the complaining party?)

Greetings,

Marco

2. For their customers/users "on the road", for instance. Many companies will do this. The connections would usually require a username/password. This overcomes port 25 blocking on their employees' personal networks, for instance.

3. They accept and send all messages without authentication? If so, you should bump up the security chain at those organizations. It is also possible these are infected PCs that have been controlled by the spammers.

4. It depends on the needs of the organization.

5. See number 2.

2. See 3.

3. The customers/users on the road seem to only need authentication when sending away from the ISP.

So the mail server accepts mail to its domain(s) at ports other than port 25.

Is it me or is this a misconfiguration?

PS: Not giving the servers because I don't want them to get more spam.

Greetings,

Marco
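
For an ISP in the situation described in the post above, one way to find customers whose machines still deliver mail directly after the port 25 block is to count how many distinct servers each customer reaches on the other SMTP ports; a normal mail client submits through one or two servers, while a bot delivering straight to recipients' servers fans out to many. This is an added example, not part of any post in this thread; the flow-record format, the sample addresses and the `max_servers` threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Non-25 ports named in this thread as carrying SMTP.
SUBMISSION_PORTS = {587, 465}

# Constructed flow records: "timestamp customer_ip dest_ip dest_port bytes".
# All addresses come from documentation ranges; none is a real host.
SAMPLE_FLOWS = """\
2024-01-01T10:00:01 192.0.2.10 198.51.100.5 587 4210
2024-01-01T10:05:12 192.0.2.10 198.51.100.5 587 3120
2024-01-01T10:06:40 192.0.2.10 198.51.100.9 443 90211
2024-01-01T10:07:02 192.0.2.77 203.0.113.1 587 1800
2024-01-01T10:07:03 192.0.2.77 203.0.113.2 587 1795
2024-01-01T10:07:03 192.0.2.77 203.0.113.3 587 1810
2024-01-01T10:07:04 192.0.2.77 203.0.113.4 587 1802
2024-01-01T10:07:05 192.0.2.77 203.0.113.5 465 1799
truncated-line 192.0.2.77
"""


def parse_flows(text):
    """Yield (customer_ip, dest_ip, dest_port); skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit():
            continue
        yield parts[1], parts[2], int(parts[3])


def fanout_by_customer(flows, ports=SUBMISSION_PORTS):
    """Count distinct destination servers each customer reached on SMTP ports."""
    dests = defaultdict(set)
    for src, dst, port in flows:
        if port in ports:
            dests[src].add(dst)
    return {src: len(servers) for src, servers in dests.items()}


def suspects(flows, max_servers=3):
    """Customers talking to more submission servers than a mail client needs.

    max_servers is an assumed threshold; tune it against real traffic.
    """
    counts = fanout_by_customer(flows)
    return sorted(src for src, n in counts.items() if n > max_servers)


if __name__ == "__main__":
    print(suspects(parse_flows(SAMPLE_FLOWS)))
```
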

3. The customers/users on the road seem to only need authentication when sending away from the ISP.

So the mail server accepts mail to its domain(s) at ports other than port 25.

Is it me or is this a misconfiguration?

As stated by others. Mail can be received and/or sent from ANY port which has been set up for that purpose. Port 25 is the world wide default.

25/TCP,UDP SMTP - used for e-mail routing between mailservers E-mails - Official

Mail sent on non standard ports can only be received by servers that have also been set up to receive mail on the same non standard port that was used to send it.

With security issues becoming a greater concern to all, the use of SSL to send mail has increased.

There are other standard SMTP related ports:

366/TCP,UDP SMTP, Simple Mail Transfer Protocol. ODMR, On-Demand Mail Relay

465/TCP SMTP over SSL - CONFLICT with registered Cisco protocol

Reference source http://en.wikipedia.org/wiki/List_of_TCP_a...DP_port_numbers

Companies wanting greater security for their mail will use Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL) or some other method of encryption and for even greater security will use a non standard port for transmission. They realize that most people will not be able to receive mail sent to them using this method as both the receiving end and sending end must be configured the same for it to work.

Note the same applies to web sites. Want a more secure web site? Set it up on a non standard port. Anyone trying to access it will have to include the port number in the URL. Standard search engines will never find these private web sites using their bots as they are restricted to port 80.


3. The customers/users on the road seem to only need authentication when sending away from the ISP.

So the mail server accepts mail to its domain(s) at ports other than port 25.

Is it me or is this a misconfiguration?

To me that would be a misconfiguration, but they may have a reason for it. Their server, their rules. I can think of no reason to have a straight SMTP connection open on an alternate port.

BTW, thanks for the explanation of your problem.

To me that would be a misconfiguration, but they may have a reason for it. Their server, their rules. I can think of no reason to have a straight SMTP connection open on an alternate port.

BTW, thanks for the explanation of your problem.

Thanks for thinking along.

I'll try to contact the server admins, and of course contact the users that are sending the spam (asking them to clean the infected computers).

Greetings.

Marco

Edit:

PS: Indeed their server and rules... but they do complain about spam, so I guess they want it to stop :)

Why do some ISPs allow inbound SMTP traffic to ports like 587?

Are there many more of these ports where some mail servers accept mail to their domain?

Looking for a good topic for my 100th post, so...

Believe it or not, port 587 is an SMTP port for "mail submission" (I know, this was news to me). See IETF RFC 2476.

If I have this right, an end-user's mail program (Mail User Agent or MUA) can contact a cooperative mail host on port 587 and submit a message using SMTP procedures. The mail host (MTA) that supports this kind of stuff then becomes a "Mail Submission Agent" (MSA).

If you check your friendly local /etc/services file (or IANA's list of well-known services), you will find that port 587 is "well known" for a service called "submission".

Like I said, this was quite new to me. It seems like an altogether bad idea to allow submission directly from MUAs (sounds awfully like direct-to-MX spamming). The RFC was written in 1998, when most spam still went via open relays rather than direct-to-MX.

Sounds like a white-hat ISP would want to block outgoing traffic on 587 as well as 25.

-- rick
